On Sat, Feb 18, 2023 at 12:04:27PM +0100, Gabriel Corona wrote:
> I believe obtaining a CVE ID would be beneficial so that this issue may be
> tracked by downstream projects/distributions.
All those distros were notified via your post to oss-security. You can
try cveform, if there's no assignment via that channel, that's about it.
In the past assigning CVEs for Debian was simple, but with some recent changes
it has become a complicated, time-consuming process and now we only do it
in select cases.
Cheers,
Moritz
